Hackers force smart TVs, Chromecasts to promote PewDiePie

Thousands of hacked Chromecasts and smart TVs are hijacked to show this image.

Screenshot by Alfred Ng / CNET

More than 5,500 exposed smart TVs, Chromecast streamers and Google Home devices have been commandeered in the name of YouTube mega-star PewDiePie.

Hacker Giraffe, the same pseudonymous person who forced thousands of exposed printers last year to churn out pages saying "Subscribe to PewDiePie," has set his sights on smart devices to promote the Swedish YouTube star's channel. Not that PewDiePie needs much help. He has the top-ranked channel with nearly 79.5 million subscribers.

If you're a victim, the Chromecast hack will push a video message to your television that reads, "Your Chromecast/Smart TV is exposed to the public internet and is exposing sensitive information about you!"

The message then provides a link explaining how users can secure their devices before adding: "You should also Subscribe to PewDiePie."

Hacker Giraffe worked on the hack with a partner who goes by j3ws3r, who said the video was done "out of respect" for the community.

"We could have done anything," the partner said. "Jumped the air gap and made the TV say, 'hey Alexa, buy me 5,000 toilet rolls.'"

Security researchers at Pen Test Partners found they could use the Chromecast exploit to play videos with voice commands to smart home devices like Amazon's Alexa.

Despite its meme-inspired nature, the hackers said the "true aim of this hack" is to raise awareness about how many connected devices are exposed online.

Hacker Giraffe believes that forcing TVs to play the PewDiePie promotional clip is innocent, as malicious attackers could have done much worse, like remotely resetting devices. On the link in the video, he wrote, "We just want to have a bit of fun while educating and protecting people from open devices like this case."

A Google spokesperson said that Chromecast owners can fix the issue by changing their router settings.

"This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable," the spokesperson said in a statement.

Hacker Giraffe said he was able to take over thousands of exposed Chromecasts and smart TVs using Shodan, a search engine for connected devices. He looked for devices that had open ports 8008 and 8443, which is how most smart devices connect to the internet.

He found 123,141 exposed devices in the initial scan.

#CastHack/#ChromecastHack right now on my server, here is what happens:

1. Script checks if the IP is a Google Home, SmartTV, or Chromecast
2. Renames device to HACKED_SUB2PEWDS_#
3. Attempts to play the YouTube video I'm preparing

The script renamed the exposed devices to HACKED_SUBTOPEWDS. The script then sent the PewDiePie promotional video to all devices with that name. The hacker said that some TVs couldn't be renamed, but still played the video. The Google Home devices without screens were hacked but could not play the video.

You can secure your devices by going to your router's settings and preventing it from forwarding your network traffic to ports 8008, 8443 and 8009. He also recommended turning off Universal Plug and Play settings that allow you to add devices to your network without much effort.
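One way to check a router for the forwards this advice refers to, as an added example that is not from the article or from the hackers' script. It assumes the port-mapping listing comes in the layout that miniupnpc's `upnpc -l` prints (the sample lines are constructed) and flags TCP forwards to ports 8008, 8009 or 8443.

```python
import re

# Ports the article says should not receive forwarded internet traffic.
CAST_PORTS = {8008, 8009, 8443}

# One mapping per line, e.g. " 0 TCP  8008->192.168.1.50:8008  'desc' '' 0"
MAPPING_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

def parse_mappings(text):
    """Return a list of dicts, one per port-mapping line found in text."""
    mappings = []
    for line in text.splitlines():
        m = MAPPING_RE.match(line)
        if m:  # header and unrelated lines are skipped
            mappings.append({
                "proto": m["proto"],
                "external_port": int(m["ext"]),
                "internal_ip": m["ip"],
                "internal_port": int(m["int"]),
                "description": m["desc"],
            })
    return mappings

def exposed_cast_forwards(mappings):
    """Mappings that forward internet traffic to a cast port on a LAN host.

    The internal port is what matters: a forward from external 18443 to
    internal 8443 exposes the device just as much as 8443 -> 8443.
    """
    return [m for m in mappings
            if m["proto"] == "TCP" and m["internal_port"] in CAST_PORTS]

# Constructed sample listing, not captured from a real router.
SAMPLE = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP  8008->192.168.1.50:8008  'cast' '' 0
 1 UDP  3074->192.168.1.20:3074  'console' '' 0
 2 TCP 18443->192.168.1.51:8443  'tv' '' 3600
 3 TCP  8009->192.168.1.50:8009  'cast' '' 0
 4 TCP 32400->192.168.1.30:32400 'media server' '' 0
"""

if __name__ == "__main__":
    for m in exposed_cast_forwards(parse_mappings(SAMPLE)):
        print(f"REMOVE: {m['proto']} {m['external_port']} -> "
              f"{m['internal_ip']}:{m['internal_port']} ({m['description']})")
```

Any mapping it reports is one to delete in the router's port-forwarding or UPnP settings.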

The script began running at about 5 a.m. PT and, in two hours, hijacked more than 5,500 devices.

Originally published Jan. 2 at 8:34 a.m. PT. Update, 3:30 p.m. PT: To include more details on the hackers behind the exploit, and a response from PewDiePie.
